Details

    • Type: Change Request
    • Status: Closed
    • Priority: Trivial
    • Resolution: Won't fix
    • Affects Version/s: 1.8.21, 2.2.7, 2.4.2
    • Fix Version/s: None
    • Component/s: Server (S)

      Description

      It would be great if you could create a macro witch gives you the amount of time since the trigger has fired, to detect some kind of unusual behaviour.

      As a Webhoster for example, to detect an unusual amount of packets, we created a trigger that measures the average amount of packets for 5 minutes and compare it to the average amout of pakets 30 minutes ago
      avg(5m) > (avg(30m,5m) * 3)
      to detect an unusual rise in the packet flof (possible DDoS)
      What i would want to do is, to keep the trigger on, as long as possible, and not for a maximum of 30 minutes, as than the avg values would become similar again.
      what i would want to do is place a macro in the 30m part with adds the value of minutes or seconds to the time-shift to keep track of the "sane" period of time everything was ok.

      How does that idea sound?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Daywalker Michael Polanz
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: